Podcasts about Internet security

Branch of computer security specifically related to the Internet, often involving browser security and the World Wide Web

  • 352 podcasts
  • 458 episodes
  • 42m avg duration
  • 1 weekly episode
  • Latest: May 6, 2025

[Chart: popularity by year, 2017 to 2024]



Latest podcast episodes about Internet security

To The Point - Cybersecurity
From Cyber to Physical: Tackling Modern Hybrid Threats with John Cohen Part 2

May 6, 2025 · 36:10


Welcome back to another episode of To the Point Cybersecurity, where hosts Rachael Lyon and Jonathan Knepher dig into the evolving world of cyber threats, national security, and the intersection of technology and society. In this episode, we continue our conversation with John Cohen, Executive Director of the Program for Countering Hybrid Threats at the Center for Internet Security. John shares real-world examples from the frontlines, detailing how threat actors—from nation-states to extremist groups—leverage open forums and online platforms not only to carry out cyberattacks, but also to coordinate, inspire, and instruct physical violence. He explains the challenges of rapidly getting critical threat intelligence into the right hands, the importance of distinguishing between protected speech and real threats, and the new mindset needed to effectively respond to increasingly hybrid and ideologically-driven dangers. Tune in for insightful stories, actionable advice for both the public and private sectors, and a candid discussion on the societal challenges of disinformation, online radicalization, and the need for open conversations to build resilience in our digital and physical worlds. And to learn more about Center for Internet Security's Threat WA initiative visit https://www.cisecurity.org/threatwa . For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e331

Darn IT Podcast
Surveillance Capitalism: You Are The Product

May 1, 2025 · 8:59


In this eye-opening kickoff to Season 6, Darnley dives into the hidden world of surveillance capitalism—where your clicks, swipes, and searches are turned into profit. You ARE the product. Discover how data profiling shapes your digital life, influences what you see, and quietly sells your behaviour to the highest bidder. Real-world examples, practical tips, and that signature Cyber Cafe vibe.☕ Tune in, stay private, and listen to how to protect yourself.

Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

To The Point - Cybersecurity
From Cyber to Physical: Tackling Modern Hybrid Threats with John Cohen

Apr 29, 2025 · 33:53


Welcome to a brand new episode of To the Point Cybersecurity! This week, hosts Rachael Lyon and Jonathan Knepher are joined by John Cohen, Executive Director of the Program for Countering Hybrid Threats at the Center for Internet Security. With more than forty years of experience in law enforcement, counterintelligence, and homeland security, John brings a wealth of insights into the ever-evolving landscape of multidimensional threats—where cyber, physical, and information operations are increasingly intertwined. In this episode, John unpacks how bad actors, from foreign intelligence to criminal organizations, are leveraging online platforms and social media not just to carry out cyberattacks, but also to influence public perception, disrupt critical infrastructure, and undermine trust in institutions. The discussion dives into real-world scenarios—like attempts to disrupt elections, attacks on local government systems, and the complex challenges these “hybrid” threats pose to traditional cybersecurity models. You'll hear how new frameworks and collaborative approaches are helping state and local governments—and the private sector—move the needle toward greater resilience. Plus, John explains key initiatives like ThreatWire and Secure Cyber Cities, which are reshaping how threat intelligence is gathered, shared, and acted on in real time. Get ready for an eye-opening conversation that blends practical advice, thought-provoking examples, and a forward look at the shifting threat landscape. Whether you're a cybersecurity professional, policymaker, or just curious about how online threats are changing our world, this episode is packed with timely insights you won't want to miss! Learn More By Visiting The Center for Internet Security https://www.cisecurity.org/threatwa For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e330

CISO Tradecraft
#228 - CIS CSAT (with Scott Gicking)

Apr 14, 2025 · 44:48 · Transcription Available


Join host G Mark Hardy on CISO Tradecraft as he welcomes expert Scott Gicking to discuss the Center for Internet Security's (CIS) Controls Self-Assessment Tool (CSAT). Learn what CSAT is, how to effectively use it, and how it can enhance your career in cybersecurity. Stay tuned for insights on creating effective security frameworks, measuring maturity, and improving organizational security posture using the CSAT tool.

Scott Gicking - https://www.linkedin.com/in/scottgickingus/
CIS CSAT - https://www.cisecurity.org/controls/cis-controls-self-assessment-tool-cis-csat
Transcripts: https://docs.google.com/document/d/1WAI9U0WEUSJH1ZVWM1HdtFEf-O9hLJBe

Chapters
01:16 Guest Introduction: Scott Gicking
02:49 Scott's Career Journey
04:03 The Hollywood Cybersecurity Incident
07:38 Introduction to CIS and Its Importance
09:49 Understanding the CIS CSAT Tool
10:13 Implementing CIS CSAT in a Real-World Scenario
13:00 Benefits of the CIS CSAT Tool
18:38 Developing a Three-Year Roadmap with CSAT
23:25 Scoring Policies and Controls
24:20 Control Implementation and Automation
25:22 CMMC Certification Levels
27:52 Honest Self-Assessment
30:01 Quick and Dirty Assessment Approach
33:07 Building Trust and Reporting
37:38 Business Impact Analysis Tool
40:02 Reputational Damage and CISO Challenges
42:55 Final Thoughts and Contact Information

Renegade Thinkers Unite: #2 Podcast for CMOs & B2B Marketers
445: Marketing + Comms: Getting in Sync

Apr 11, 2025 · 51:43


When marketing and comms teams aren't aligned, it shows. In this episode, Drew Neisser is joined by CMOs Cary Bainbridge (ABM Industries), Laura MacGregor (Center for Internet Security), and Grant Johnson (Chief Outsiders) for a candid look at what it really takes to get marketing and comms moving in sync. From co-owning messaging to embedding AI tools and crisis plans into the mix, these leaders share how to stay coordinated without stepping on each other's toes.

Here's what you'll hear:
  • How Cary and her comms partner rolled out a brand relaunch to 100,000 employees
  • Why Laura brought marketing and comms under one roof, and what that made possible
  • How Grant built cross-functional accountability with the right metrics

Plus:
  • What to do when misinformation hits, and the playbooks you'll want ready
  • How AI is speeding up localization, automation, and cross-team coordination
  • How to activate internal brand champions and cross-functional councils
  • What stakeholder engagement looks like when it's done right
  • Why comms needs a direct line to the C-Suite, and what happens when it doesn't

If you're done playing telephone across departments, this episode offers a practical path to alignment so marketing and comms stay in sync. Tune in!

For full show notes and transcripts, visit https://renegademarketing.com/podcasts/
To learn more about CMO Huddles, visit https://cmohuddles.com/

Cyber Security Today
Cybersecurity Month-End Review: Oracle Breach, Signal Group Chat Incident, and Global Cybersecurity Regulations

Apr 5, 2025 · 48:19 · Transcription Available


In this episode of the cybersecurity month-end review, host Jim Love is joined by Daina Proctor from IBM in Ottawa, Randy Rose from The Center for Internet Security from Saratoga Springs, and David Shipley, CEO of Beauceron Security from Fredericton. The panel discusses major cybersecurity stories from the past month, including the Oracle Cloud breach and its communication failures, the misuse of Signal by U.S. government officials, and global cybersecurity regulation efforts such as the UK's new critical infrastructure laws. They also cover notable incidents like the Kuala Lumpur International Airport ransomware attack and the NHS Scotland cyberattack, the continuous challenges of EDR bypasses, and the importance of fusing anti-fraud and cybersecurity efforts. The discussion emphasizes the need for effective communication and stringent security protocols amidst increasing cyber threats.

00:00 Introduction and Panelist Introductions
01:25 Oracle Cloud Breach: A Case Study in Incident Communication
10:13 Signal Group Chat Controversy
20:16 Leadership and Cybersecurity Legislation
23:30 Cybersecurity Certification Program Overview
24:27 Challenges in Cybersecurity Leadership
24:59 Importance of Data Centers and MSPs
26:53 UK Cybersecurity Bill and MSP Standards
28:09 Cyber Essentials and CMMC Standards
32:47 EDR Bypasses and Small Business Security
39:32 Ransomware Attacks on Critical Infrastructure
43:34 Law Enforcement and Cybercrime
47:24 Conclusion and Final Thoughts

Today in Health IT
2 Minute Drill: CSA Budget Cuts Raise Security Concerns Amid Ransomware Threats with Drex DeFord

Mar 20, 2025 · 2:52 · Transcription Available


Drex discusses CSA's decision to cut $10 million in funding to the Center for Internet Security's management of MS-ISAC and EI-ISAC programs, which coordinate critical threat information for state, local, and election infrastructure. Meanwhile, a new ransomware gang called Mora 0 0 1 is targeting 49 firewalls by exploiting known vulnerabilities to gain initial network access. The FBI and CISA have also issued warnings about the Medusa ransomware-as-a-service, which has attacked over 300 victims across multiple industries including healthcare since February.

Remember, Stay a Little Paranoid

Management Matters Podcast
AI in the Public Sector: Election Security and AI

Mar 17, 2025 · 37:49


This originally aired on GovExec TV.

The 2024 elections concluded smoothly, but what lessons did we learn about AI's impact on election security? A distinguished panel—including John Gilligan of the Center for Internet Security, John Cohen of DHS, and Marci Andino, former State Election Director for South Carolina—explores the role of AI in identifying threats, managing misinformation, and supporting electoral integrity. In this episode of GovExec TV, uncover the pivotal role AI played in securing the democratic process.

Panelists Include:
  • Marci Andino
  • John Cohen
  • John Gilligan

Hosted by: George Jackson

Music Credits: Sea Breeze by Vlad Gluschenko | https://soundcloud.com/vgl9
Music promoted by https://www.free-stock-music.com
Creative Commons Attribution 3.0 Unported License
https://creativecommons.org/licenses/by/3.0/deed.en_

American Democracy Minute
Episode 737: DOGE Cuts 300 Experts From CISA’s Election Security Team and U.S. Government Cybersecurity Support; Funding for State Cybersecurity Also Suspended

Mar 13, 2025 · 1:30


The American Democracy Minute Radio Report & Podcast for March 14, 2025

DOGE Cuts 300 Experts From CISA's Election Security Team and U.S. Government Cybersecurity Support; Funding for State Cybersecurity Also Suspended

More Trump administration mass layoffs at CISA have experts raising concerns over U.S. readiness for cyber attacks on election infrastructure and federal agency networks. An additional 100 in-house and contracted cyber specialists were terminated in early March.

Some podcasting platforms strip out our links. To read our resources and see the whole script of today's report, please go to our website at https://AmericanDemocracyMinute.org

Today's Links

Articles & Resources:
  • American Democracy Minute - CISA Pauses All Election Security Programs for Full Review
  • The Register - CISA pen-tester says 100-strong red team binned after DOGE canceled contract
  • CISA - Statement on CISA's Red Team
  • Infosecurity Magazine - Trump Administration Shakes Up CISA with Staff and Funding Cuts
  • TechCrunch - DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts
  • CBS News - Cybersecurity agency's top recruits decimated by DOGE cuts
  • Votebeat - U.S. agency has stopped supporting states on election security, official confirms
  • Center for Internet Security - "Due to the termination of funding by the Department of Homeland Security, the Center for Internet Security no longer supports the EI-ISAC."

Groups Taking Action:
Common Cause Election Disinformation, Protect Democracy, Election Worker Legal Defense Network, Center for Internet Security/ISA, IssueOne/Don't Mess With US.org

Please follow us on Facebook and Bluesky Social, and SHARE! Find all of our reports at AmericanDemocracyMinute.org

#Democracy #DemocracyNews #ProtectElections #CISA #DOGE #ElectionIntegrity

The Gate 15 Podcast Channel
Weekly Security Sprint EP 102. Ransomware, Terrorism report, recognizing behaviors

Mar 11, 2025 · 22:20


In this week's Security Sprint, Dave and Andy covered the following topics:

Warm Opening:

TribalHub & Tribal ISAC!
  • TribalHub Annual Cybersecurity Summit Wrapup
  • Cybersecurity summit discusses challenges tribes face from hacks

Health ISAC!
  • TLP White 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
  • How Hackers Using AI Tools Threaten the Health Sector

Blockchain & Crypto:
  • Risky Biz News - Bybit hack post-mortem
  • 1inch Hack Exposes $5M Flaw – Is It Time for Best Wallet Token?
  • Feds Link $150M Cyberheist to 2022 LastPass Hacks
  • A $1.5 Billion Hack: How the Biggest Crypto Heist in History Went Down
  • Due to the termination of funding by the Department of Homeland Security, the Center for Internet Security no longer supports the EI-ISAC

Main Items:

Ransomware & Data Breaches:
  • #NotRansomware: FBI Warns of Data Extortion Scam Targeting Corporate Executives
  • Mail Scam Targeting Corporate Executives Claims Ties to Ransomware
  • Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear
  • BianLian Denies Involvement in Ransom Letters: “Not Our Doing,” Group Tells SuspectFile.com
      SuspectFile.com – What is your official position regarding the physical letters sent to corporate executives in the United States claiming to be from your group?
      BianLian – We never do that. That is scam.
  • Sault Ste. Marie Tribe Says It Refused to Pay Cyberattackers' Ransom
  • Q4 Travelers' Cyber Threat Report: Ransomware Goes Full Scale
  • Sault Tribe Chairman says tribe will not pay hacker's ransom request (video)
  • Highway Robbery 2.0: How Attackers Are Exploiting Toll Systems in Phishing Scams

Terrorism:
  • Press Release - Global Terrorism Index 2025: Terrorism Spreads as Lone Wolf Attacks Dominate the West & Terrorism Trends Fueled by Sahel Conflicts, Western Lone Actor Attacks

See Something, Say Something.
  • 'Erratic' man at Kentucky church told police about plans to bomb major city, cops say
  • Houston teen indicted for conspiring to commit murder under new terrorism law
  • Plan to attack Australia synagogue faked by organized crime: police
  • A boy with a loaded shotgun boarded a plane in Australia but was tackled by a former boxer
  • A driver rams a car into crowd in Germany's Mannheim, leaving 2 dead and 11 injured

Quick Hits:
  • 'Five Eyes alliance' crumbling after UK, Australia, New Zealand and Canada give US cold shoulder
  • FBI PSA: Beijing Leveraging Freelance Hackers and Information Security Companies to Compromise Computer Networks Worldwide
  • Cisco Talos exposes Lotus Blossom cyber espionage campaigns targeting governments, telecom, media
  • Chinese Nationals with Ties to the PRC Government and “APT27” Charged in a Computer Hacking Campaign for Profit, Targeting Numerous U.S. Companies, Institutions, and Municipalities
  • Select Committee on the Chinese Communist Party Holds Hearing — “End the Typhoons: How to Deter Beijing's Cyber Actions and Enhance America's Lackluster Cyber Defenses”
  • Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security & Former intelligence officials denounce job cuts to federal cyber roles.
  • Treasury Suspends Rule Requiring Disclosure Of LLCs' True Owners & Dept. of Treasury Press Release: Treasury Department Announces Suspension of Enforcement of Corporate Transparency Act Against U.S. Citizens and Domestic Reporting Companies
  • Polish space agency investigates cyberattack on its systems
  • Cybersecurity Job Satisfaction Plummets, Women Hit Hardest
  • Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities

CiberAfterWork: ciberseguridad en Capital Radio
Episode 290: Digital Consumption Habits and Perception of Internet Security

Mar 4, 2025 · 23:02


This episode focuses on cybersecurity and the responsibility of both companies and citizens in today's digital environment. The hosts discuss trends, habits, security perception, and the implications of the NIS2 regulation. They analyze recent incidents, such as a security breach at El Corte Inglés caused by its supply chain. Furthermore, they interview Hervé Lambert from Panda Security to discuss a report they conducted that analyzes digital consumption habits, emphasizing generational differences and awareness of cyber threats. Finally, they announce a ticket giveaway for the Rooted event and discuss cryptography with Alfonso Muñoz.

Twitter: @ciberafterwork
Instagram: @ciberafterwork
Panda Security: https://www.pandasecurity.com/es/
+info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/
VAPASEC: https://www.vapasec.com/webprotection/

Business of Tech
Amazon Shifts from Chime to Zoom, Microsoft 365 Gains Traction Amid Rising Cybersecurity Threats

Feb 21, 2025 · 11:45


Amazon has announced the discontinuation of its video conferencing service, Chime, effective February 20, 2026, opting instead to adopt Zoom and Microsoft 365 for its internal operations. This decision follows a billion-dollar deal with Microsoft for 365, reflecting a significant shift in Amazon's approach to enterprise communication. The transition to Zoom is seen as a strategic move, as Chime struggled to gain traction in the market. This endorsement of Zoom strengthens its position in the enterprise communications sector, while Microsoft 365's integration aligns with a broader trend of companies gravitating towards Microsoft's ecosystem.

Zoom has recently launched new automation tools, including the Zoom Workflow Automation, designed to enhance productivity by allowing users to automate routine tasks with the help of AI. This tool integrates seamlessly with third-party applications like Jira, enabling automated actions such as generating meeting summaries. Additionally, Zoom has introduced the Zoom Up Services Program, which aims to enhance partner revenue opportunities and improve post-sales success. This program represents a shift towards a more partner-centric approach, allowing partners to unlock new revenue streams and deliver exceptional solutions.

In the realm of cybersecurity, Right of Boom has partnered with the Center for Internet Security to launch a comprehensive training course aimed at managed service providers. This course, featuring 300 modules and a certification test, is designed to help providers master essential cybersecurity controls amidst increasing cyber threats.
While the course's certification may not hold significant value for customers, its ties to highly regarded CIS frameworks and practical lab components make it a relevant option for providers looking to enhance their skills and showcase their security proficiency.

On the technology front, Microsoft has made strides in quantum computing with its new Majorana 1 processor, which could potentially accommodate one million qubits. This advancement, made possible through the development of a new material and architecture, represents a significant milestone in quantum computing. However, experts caution that while this breakthrough is promising, practical applications are still years away. The podcast also highlights rising concerns in cybersecurity, with a report indicating an increase in endpoint malware detections, emphasizing the need for organizations to adopt AI-powered threat detection solutions to combat evolving threats.

Four things to know today
00:00 With Chime Gone, Amazon Bets on Zoom and Microsoft 365—Meanwhile, Zoom Doubles Down on AI and Partnerships
04:27 Right of Boom's New Course Targets MSP Security Gaps, But Will It Gain Traction?
05:57 From Malware Surges to Microsoft's Mixed Messaging—Security Challenges Mount
07:57 Quantum Computing Breakthrough? Microsoft's Majorana 1 Aims for a Million Qubits

Supported by: https://getflexpoint.com/msp-radio/
Event: https://www.nerdiocon.com/
All our Sponsors: https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech

Permaculture Pimpcast
Ep. 291 - Take Back Your Privacy - Easy Internet Security with Hakeem from Above Phone!

Feb 14, 2025 · 73:57



Oracle University Podcast
MySQL Security - Part 1

Jan 28, 2025 · 13:41


Security takes center stage in this episode as Lois Houston and Nikita Abraham are joined by MySQL Solution Engineer Ravish Patel. Together, they explore MySQL's security features, addressing key topics like regulatory compliance.

Ravish also shares insights on protecting data through encryption, activity monitoring, and access control to guard against threats like SQL injection and malware.

MySQL 8.4 Essentials: https://mylearn.oracle.com/ou/course/mysql-84-essentials/141332/226362
Oracle University Learning Community: https://education.oracle.com/ou-community
LinkedIn: https://www.linkedin.com/showcase/oracle-university/
X: https://x.com/Oracle_Edu

Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.

Episode Transcript:

00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started!

00:25 Lois: Welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me today is Nikita Abraham, Team Lead of Editorial Services.

Nikita: Hey everyone! In our last episode, we took a look at MySQL database design. Today is the first of a two-part episode on MySQL security.

Lois: In Part 1, we'll discuss how MySQL supports regulatory compliance and how to spot and handle common security risks.

00:55 Nikita: Joining us today is Ravish Patel, a MySQL Solution Engineer at Oracle. Hi Ravish! Let's start by talking about how MySQL supports regulatory compliance.

01:06 Ravish: Some of the most important international regulations that we have surrounding data and organizations include the GDPR, HIPAA, Sarbanes-Oxley, the UK Data Protection Act, and the NIS2.
Although each regulatory framework differs in the details, in general, you must be able to comply with certain key requirements and all of which are enabled by MySQL. First, you must be able to monitor user activity on the system, which includes keeping track of when new users are created, when the schema changes, and when backups are taken and used. You must protect data, for example, by ensuring that databases that are stored on disk are encrypted at rest and ensuring that only authorized users have privileges to access and modify the data. You must have the appropriate retention policies in place for your data, ensuring that backups are held securely and used only for the purpose intended. You must be able to audit access to the data so that you can trace which users gained access to records or when they were modified. All of these facilities are available in MySQL, either as part of the core community edition features or made available through enterprise features.

02:21 Lois: What kind of risks might we encounter, Ravish, and how can we address them?

Ravish: As your system grows in complexity, you're likely going to have more risks associated with it. Some of those risks are associated with the human factors that come with any computer system. These might be errors that are introduced when people perform work on the system, either administrative work on the environment or database or work that developers and testers perform when working on a changing system. You might even have malicious users trying to exploit the system or good faith users or support staff who make changes without proper consideration or protection from knock-on effects. At the foundation are the necessary components of the system, each of which might be vulnerable to human error or malicious actors.
Every piece of the system exposes possible risks, whether that's the application presented to users, the underlying database, the operating system or network that it works on, or processes such as backups that place copies of your data in other locations. More complex environments add more risks. High availability architectures multiply the number of active systems. Consolidating multiple application databases on a single server exposes every database to multiple vectors for bugs and human error. Older, less well supported applications might give more challenges for maintenance. Engaging external contractors might reduce your control over authorized users. And working in the cloud can increase your network footprint and your reliance on external vendors.

03:53 Nikita: What are risks that specifically impact the database?

Ravish: The database server configuration might not be optimal. And this can be changed by users with proper access. To mitigate this risk, you might enable version control of the configuration files and ensure that only certain users are authorized. Application and administrator accounts might have more data privileges than required, which adds risk of human error or malicious behavior. To mitigate this, you should ensure that users are only granted necessary permissions. In particular, structural modifications and administrative tasks might be more widely accessible than desired. Not every developer needs full administrative rights on a database. And certainly, an application should not have such privileges. You should limit administrative privileges only to those users who need that authorization.

04:45 Nikita: Okay, quick question, Ravish. How do authentication and password security fit into this picture?

Ravish: Authentication is often a weak point. And password security is one of the most common issues in large applications. Ensure that you have strong password policies in place.
And consider using authentication mechanisms that don't solely rely on passwords, such as pass-through authentication or multifactor authentication.

05:11 Lois: So, it sounds like auditing operations are a critical part of this process, right?

Ravish: When something bad happens, you can only repair it or learn from it if you know exactly what has happened and how. You should ensure that you audit key operations so you can recover from error or malicious actions. If a developer laptop is lost or stolen or someone gains access to an underlying operating system, then your data might become vulnerable. You can mitigate this by encrypting your data in place. This also applies to backups and, where possible, securing the connection between your application and the database to encrypt data in flight.

05:54 Did you know that Oracle University offers free courses on Oracle Cloud Infrastructure? You'll find training on everything from multicloud, database, networking, and security to artificial intelligence and machine learning, all free for our subscribers. So, what are you waiting for? Pick a topic, head over to mylearn.oracle.com and get started.

06:18 Nikita: Welcome back! Before the break, we touched on the importance of auditing. Now, Ravish, what role does encryption play in securing these operations?

Ravish: Encryption is only useful if the keys are secure. Make sure to keep your encryption assets secure, perhaps by using a key vault. Every backup that you take contains a copy of your data. If these backups are not kept securely, then you are at risk, just as if your database wasn't secure. So keep your backups encrypted.

06:47 Lois: From what we've covered so far, it's clear that monitoring is essential for database security. Is that right?

Ravish: Without monitoring, you can't track what happens on an ongoing basis. For example, you will not be aware of a denial-of-service attack until the application slows down or becomes unavailable.
If you implement monitoring, you can identify a compromised user account or unusual query traffic as it happens. A poorly coded application might enable queries that do more than they should. A database firewall can be configured to permit only queries that conform to a specific pattern. 07:24 Nikita: There are so many potential types of attacks out there, right? Could you tell us about some specific ones, like SQL injection and buffer overflow attacks? Ravish: A SQL injection attack is a particular form of attack that modifies a SQL command to inject a different command to the one that was intended by the developer. You can configure an allow list in a database firewall to block such queries and perform a comprehensive input validation inside the application so that such queries cannot be inserted. A buffer overflow attack attempts to input more data than can fit in the appropriate memory location. These are usually possible when there is an unpatched bug in the application or even in the database or operating system software. Validation and the database firewall can catch this sort of attack before it even hits the database. And frequent patching of the platforms can mitigate risks that come from unpatched bugs. Malicious acts from inside the organization might also be possible. So good access control and authorization can prevent this. And monitoring and auditing can detect it if it occurs. 08:33 Lois: What about brute force attacks? How do they work? Ravish: A brute force attack is when someone tries passwords repeatedly until they find the correct one. MySQL can lock out an account if there have been too many incorrect attempts. Someone who has access to the physical network on which the application and database communicate can monitor or eavesdrop that network. However, if you encrypt the communications in flight, perhaps by using TLS or SSL connections, then that communication cannot be monitored. 
09:04 Nikita: How do the more common threats like malware, Trojan horses, and ransomware impact database security? Ravish: Malware, ransomware, and Trojan horses can be a problem if they get to the server platforms or if client systems are compromised and have too much permissions. If the account that is compromised has only limited access and if the database is encrypted in place, then you can minimize the risks associated even if such an event occurs. There are also several risks directly associated with people who want to do the harm. So it's vital to protect personal information from any kind of disclosure, particularly sensitive information, such as credit card numbers. Encryption and access control can protect against this. 09:49 Lois: And then there are denial-of-service and spoofing attacks as well, right? How can we prevent those? Ravish: A denial-of-service attack prevents users from accessing the system. You can prevent any single user from performing too many queries by setting resource users limits. And you can limit the total number of connections as well. Sometimes, a user might gain access to a privileged level that is not appropriate. Password protection, multifactor authentication, and proper access control will protect against this. And auditing will help you discover if it has occurred. A spoofing attack is when an attacker intercepts and uses information to authenticate a user. This can be mitigated with strong access control and password policies. An attacker might attempt to modify or delete data or even auditing information. Again, this can be mitigated with tighter access controls and caught with monitoring and auditing. If the attack is successful, you can recover from it easily if you have a strong backup strategy in place. 10:50 Nikita: Ravish, are there any overarching best practices for keeping a database secure? Ravish: The MySQL installation itself should be kept up-to-date. 
This is the easiest if you install from a package manager on Windows or Linux. Your authentication systems should be kept strong with password policies or additional authentication systems that supplement or replace passwords entirely. Authorization should be kept tightly controlled by minimizing the number of active accounts and ensuring that those accounts have only the minimal privileges. You should control and monitor changes on the system. You can limit such changes with the database firewall and with tight access controls and observe changes with monitoring, auditing, and logging. Data encryption is also necessary to protect data from disclosure. MySQL supports encryption in place with Transparent Data Encryption, also known as TDE, and a variety of encryption functions and features. And you can encrypt data in flight with SSL or TLS. And of course, it's not just about the database itself but how it's used in the wider enterprise. You should ensure that replicas are secure and that your disaster recovery procedures do not open up to additional risks. And keep your backups encrypted. 12:06 Lois: Is there anything else we should keep in mind as part of these best practices? Ravish: The database environment is also worth paying attention to. The operating system and network should be as secure as you can keep them.  You should keep your platform software patched so that you are protected from known exploits caused by bugs. If your operating system has hardening guidelines, you should always follow those. And the Center of Internet Security maintains a set of benchmarks with configuration recommendations for many products designed to protect against threats. 12:38 Nikita: And that's a wrap on Part 1! Thank you, Ravish, for guiding us through MySQL's role in ensuring compliance and telling us about the various types of attacks. If you want to dive deeper into these topics, head over to mylearn.oracle.com to explore the MySQL 8.4 Essentials course. 
Lois: In our next episode, we'll continue to explore how user authentication works in MySQL and look at a few interesting MySQL Enterprise security tools that are available. Until then, this is Lois Houston…  Nikita: And Nikita Abraham, signing off! 13:12 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.

To The Point - Cybersecurity
E313 - Spotlight On The Center for Internet Security with Curtis Dukes (Rerun)

Dec 24, 2024 43:39


Curt Dukes, Executive Vice President and General Manager for Security Best Practices at the Center for Internet Security (CIS) joins the podcast this week. He shares insights from his more than 30 years with the NSA and how that journey led to the CIS and the synergies between the two organizations in providing cyber resources and fostering threat intelligence information sharing. And for those not familiar with the CIS he provides a great primer on this vital organization started 20 years ago by a group of private industry and government individuals who saw the escalating cyber threat landscape ahead and decided to organize and do something about it to make the connected world a safer place. And you don't want to miss his perspective on multi-factor authentication and its 99% success rate. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e313

Telemetry Now
Understanding AI and LLM Security Risks with TJ Sayers

Nov 26, 2024 44:47


TJ Sayers, cybersecurity expert with the Center for Internet Security, joins us to explore the security concerns around AI and, specifically, large language models. From integrating AI and LLMs into workflows, safeguarding sensitive data with techniques like anonymization and tokenization, to navigating security risks and privacy concerns, we discuss practical strategies to mitigate AI risks. We also examine AI's role in national defense, and we address the growing challenge of verifying the authenticity of content in an AI-driven information age.

Trends Podcast
Business Intelligence for SMEs, episode 5: Pieter Van der Hulst – i-Force

Oct 14, 2024 30:40


SMEs are increasingly the target of cybercrime, with average damage of 100,000 euros per attack. Cybercriminals are now organized and use advanced techniques such as AI for phishing. Weak passwords and outdated software are often the first points of entry. SMEs often lack the knowledge and resources to manage their cybersecurity properly. It is crucial that companies map their systems and test them regularly for weak spots. The Center for Internet Security offers a framework that helps with implementing simple but effective security measures. https://i-force.be/service/it-security-audit

Cyber Security Headlines
Coker's Internet Security plan, hurricane scams, Firefox zero day

Oct 11, 2024 7:45


  • White House prioritizes secure internet routing, using memory safe languages
  • Federal Trade Commission and CISA warn of hurricane-related scams
  • Mozilla warns of Firefox zero day: patch now

Huge thanks to our sponsor, Vanta

As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation.

For the stories behind the headlines, head on over to CISOSeries.com

CERIAS Security Seminar Podcast
Zhou Li, The Road Towards Accurate, Scalable and Robust Graph-based Security Analytics: Where Are We Now?

Oct 9, 2024 55:08


Graph learning has gained prominent traction from academia and industry as a solution to detect complex cyber-attack campaigns. By constructing a graph that connects various network/host entities and modeling the benign/malicious patterns, threat-hunting tasks like data provenance and entity classification can be automated. We term the systems under this theme Graph-based Security Analytics (GSAs). In this talk, we first provide a cursory view of GSA research in the recent decade, focusing on the academic side. Then, we elaborate on a few GSAs developed in our lab, which are designed for edge-level intrusion detection (Argus), subgraph-level attack reconstruction (ProGrapher) and storage reduction (SEAL). At the end of the talk, we will review the progress and pitfalls along the development of GSA research, and highlight some research opportunities.

About the speaker: Zhou Li is an Assistant Professor at UC Irvine, EECS department, leading the Data-driven Security and Privacy Lab. Before joining UC Irvine, he worked as Principal Research Scientist at RSA Labs from 2014 to 2018. His research interests include Internet Security, Organizational network security, Privacy Enhancement Technologies, and Security and privacy for machine learning. He received the NSF CAREER award, Amazon Research Award, Microsoft Security AI award and IRTF Applied Networking Research Prize.

SecurityMetrics Podcast
Cybersecurity for Families: A Parent-Child Guide to Online Safety | SecurityMetrics Podcast 104

Sep 25, 2024 27:27


Download the guide: https://www.cisecurity.org/insights/white-papers/from-both-sides-a-parental-guide-to-protecting-your-childs-online-activity

Are you a parent looking for guidance on how to keep kids safe online? Join us for a candid conversation with Sean Atkinson, CISO at the Center for Internet Security, and his daughter, Emma, as they discuss their journey of creating a guide designed to help families have conversations about online safety.

In this episode, you'll learn:
  • Why open communication is key: Discover how Sean and Emma fostered an environment of trust and understanding about online safety.
  • Common online dangers: Understand the risks your child may face, such as sharing personal information, cyberbullying, and meeting strangers online.
  • Practical tips for parents: Get actionable advice on how to set boundaries, have difficult conversations, and create a safe online space for your child.

Whether you're a new parent or a seasoned digital native, this podcast will help you start conversations and find resources to help you protect your child in the ever-evolving online world.

Cyber Security Today
20 dollars exposes a huge flaw in Internet security: Cyber Security Today for Friday the 13th September, 2024

Sep 13, 2024 10:15


Cyber Security Today: TfL Data Breach, Critical Vulnerabilities, and Insider Threats

Join host Jim Love in 'Cyber Security Today' as we delve into the latest cyber security incidents and updates. Learn about Transport for London's data breach affecting thousands of customers, critical vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog, and the recent Microsoft Patch Tuesday addressing over 70 security flaws. We also discuss significant breaches at Avis, shocking domain purchase by a researcher highlighting internet trust issues, and insider threats exemplified by Daniel Rhyne's rogue actions against an industrial company. Stay informed with expert insights and essential recommendations!

00:00 Introduction and Breaking News
00:05 Transport for London Cyber Attack
01:04 New Vulnerabilities Added to CISA's KEV Catalog
02:38 Microsoft and Other Major Tech Companies Release Patches
04:02 Avis Data Breach
05:15 Security Researcher Buys Critical Domain
07:58 Insider Threat: The Daniel Rhyne Case
09:53 Conclusion and Final Thoughts

Conspiracy Theory Or Not?
Digital Shadows: Surveillance Beyond the Surface: Edward Snowden's Prediction Came True

Sep 11, 2024 9:08


In the age of unprecedented digital surveillance, nothing stays hidden. Modern technology, once hailed as the liberator of communication and convenience, has woven an intricate web of mass surveillance where no action or memory is private. Every email, text, call, and even location pings from our devices are swept up by powerful global entities without the faintest trace of discretion. These data points are no longer mere packets of information—they have become the essence of our lived experiences, silently cataloged and stored indefinitely. From the intimate moments captured unknowingly on webcams to the precise geolocation data shared between cell towers, every digital interaction is stored in a permanent record, a digital diary of our lives. The ethical lines once held between national security and individual privacy have blurred beyond recognition, with the very organizations tasked with protecting us now spying on us. This realization came to a technologist deeply embedded in the intelligence community, witnessing firsthand the indifference of these powers to the moral implications of their reach. In a world where every moment becomes a permanent record, the question arises—how do we wish to live when we can no longer forget? With no real boundaries between right and wrong, the future is a place where our own data is weaponized against us, leaving generations to grapple with the consequences of complete transparency.

Conspiracy Theory Or Not?
This will Change How You See Everything

Sep 3, 2024 14:00


In "This Will Change How You See Everything," we peel back the layers of misinformation to reveal the hidden truths that shape our world. This podcast delves into the often misunderstood aspects of the internet, such as the dark net, exposing the truth behind media sensationalism and government overreach. We explore the immense influence wielded by global corporations like Black Rock, whose reach extends into nearly every facet of our lives, from the food we eat to the media we consume. By shining a light on these power structures, we challenge the narratives that dominate our understanding and empower listeners with the knowledge they need to protect their privacy and freedom. Each episode is a journey into the unseen, uncovering how much control is exerted over us and what we can do to reclaim our autonomy.

In a world where information is tightly controlled, "This Will Change How You See Everything" is a podcast that dares to unveil the hidden forces shaping our reality. From the myths surrounding the dark net to the unspoken power of corporate giants like Black Rock, we dive deep into the truths that mainstream media often overlooks or distorts. This podcast explores the dark web's misunderstood nature, debunking the sensationalized narratives while revealing the real threats to our privacy and security. We also expose the immense and often unseen influence of Black Rock, a company whose reach extends into virtually every industry, from media and finance to agriculture and beyond. As we uncover how these entities manipulate global markets and personal data, we challenge our listeners to rethink their understanding of power, control, and freedom in the digital age. Join us as we navigate through the complexities of the internet, corporate dominance, and the implications of living in a world where a few powerful players hold the keys to our future.

Save It For The Mic!
Exploring $20 in Vegas, Unique Names, and the Dark Web's Dangers | Save It For The Mic!

Aug 29, 2024 61:45


Join us on this episode of Save It For The Mic! as we dive into an eclectic mix of topics that range from the lighthearted to the deeply serious. We kick off with a fun hypothetical: what would you do with just $20 in Las Vegas? From gambling strategies and slot machine antics to dressing up for photos, our hosts explore creative ways to make the most out of a tight budget in Sin City. We also discuss the impact of unique names, highlighted by a story about someone named 'Lion King,' and delve into the rising trend of truck thefts leading to store robberies. The conversation takes a serious turn as we explore poverty, theft in affluent neighborhoods, and the need for effective support systems to break the cycle of poverty. Finally, we navigate the murky waters of the dark web, discussing its accessibility, the illegal and disturbing content it harbors, and the security risks involved. Whether it's the importance of using a Tor browser or understanding the dangers of identity theft, our hosts emphasize the need for caution when venturing into the hidden parts of the internet.

Secondary Topics Discussed:
  • The trend of criminals stealing trucks to rob stores.
  • The prevalence of poverty and the necessity of support systems.
  • The excitement and intricacies of fantasy football.

WCCO Tech Talk
Emphasizing the importance of internet security!

Aug 17, 2024 35:25


We start the show with Doug sharing some new additions to Proton, VPN discussion, and the importance of double authentication. Recaptcha, Google monopoly and more! Plus we take any and all of your tech questions that you may have on this edition of Tech Talk!

Discover Daily by Perplexity
A Massive Mathematical Breakthrough, Solar Light Shows, A Lunar Plan to Save Endangered Species, and an Olympic Standout

Aug 2, 2024 7:54


In this episode of Discover Daily by Perplexity, we explore groundbreaking developments in prime number theory that could reshape our understanding of mathematics and impact internet security. Mathematicians James Maynard and Larry Guth have made significant progress towards understanding the hidden structure of prime numbers, providing new insights into the famous Riemann Hypothesis. Their work improves bounds on where the nontrivial zeros of the Riemann zeta function cannot lie, crucial for understanding prime number distribution.

Meanwhile, researchers from City University of Hong Kong and North Carolina State University claim to have developed a "Periodic Table of Primes" (PTP), challenging the long-held belief that prime numbers are unpredictable. This innovative approach claims to accurately predict the occurrence of prime numbers, with potential applications in finding future primes, factoring integers, and identifying twin primes. While still awaiting peer review, this breakthrough could have far-reaching implications for cryptography and data security.

These advancements in prime number theory highlight the unexpected ways abstract mathematics can impact our daily lives. From enhancing internet security to advancing quantum physics, prime numbers continue to play a crucial role in shaping our digital world and pushing the boundaries of scientific knowledge. As mathematicians inch closer to resolving long-standing conjectures like the Riemann Hypothesis, we may be on the brink of a new era in number theory and its applications.

Noon Edition
Cybersecurity and state experts talk about recent ransomware attacks

Aug 2, 2024 52:50


Cyber-attacks on state and local governments increased from 2022 to 2023, according to the Center for Internet Security.

The FBI 2023 Internet Crimes Report said ransomware reports increased 18 percent from 2022 to 2023. Losses from the attacks totaled nearly $60 million.

Last month, Monroe County Government was hit by a ransomware attack, halting some local government operations.

The county immediately reported the incident to the Indiana Office of Technology as required by state law. A ransomware attack also hit Clay County government in July. And Columbus experienced a data breach.

The 2020 State of Hoosier Cyber Security Study indicated municipalities' concern of rising cyber-attacks.

Indiana is working to prevent cyber security incidents, passing comprehensive consumer privacy laws. The state adopted a Cyber Incident Reporting Law in 2021.

This week, we'll talk about recent cyber security breaches in local government and strategies for prevention.

You can follow us on X @WFIUWTIUNews or join us on the air by calling 812-855-0811 or toll-free at 1-877-285-9348. You can also send questions for the show to news@indianapublicmedia.org. You can also record your questions and send them in through email.

Guests:
  • Tracy Barnes, Indiana Office of Technology's Chief Information Officer and co-chair of the Indiana Executive Council on Cybersecurity
  • Becca McCuaig, Chief Legal Counsel for Accelerate Indiana Municipalities
  • Scott James Shackelford, Professor of Business Law and Ethics at the Indiana University Kelley School of Business

KPCW Mountain Money
Mountain Money | July 22, 2024

Jul 22, 2024 51:31


TJ Sayers from The Center for Internet Security joins the show to help us understand Friday's tech outage and the cyber risks posed to critical infrastructure, Rebrand Gurus Vashisht Sharma and Christian Bacasa join the show to discuss the opening of their new location in Park City, and Joe Cronley of Edward Jones talks about what's driving the latest moves in the market.

The Brand Called You
Unveiling the Future of Internet Security and Humanized Technology | Gautam Hazari, Co-Founder and CTO, Sekura Mobile Intelligence

Jul 19, 2024 27:17


Explore the transformative insights from Gautam Hazari, Co-Founder and CTO of Sekura Mobile Intelligence, as he delves into the intersection of telecom and technology, AI's role in shaping the future, and the imperative of humanizing digital experiences for enhanced security.

00:36 - About Gautam Hazari
Gautam is the co-founder and chief technology officer of Sekura Mobile Intelligence. He is a futurist and a technology enthusiast, an insightful, strategically driven Technology Leader with over 24 years of robust experience in the Telecoms industry.

In The Seats with...
Episode 660: In The Seats With....Jacob Kastner and 'Nobody Wants To Talk About Jacob Applebaum'

Jun 25, 2024 37:57


For a guy nobody wants to talk about, we certainly had a lot to talk about....

On yet another very special episode we dive into the underbelly of the world of hacking, illegal surveillance and some occasionally deprived and really weird stuff in the new documentary Nobody Wants To Talk About Jacob Appelbaum, which is having a second screening tonight at the TIFF Bell Lightbox before it debuts on CBC Gem this coming Wednesday the 26th.

Julian Assange, the founder of WikiLeaks, had a crucial hearing at London's High Court last week where judges approved a short extension on his appeal to challenge possible extradition to the U.S. to confront 18 charges, predominantly under the Espionage Act. His fate, and the fate of those who worked with him, is still up in the air. If and/or when Assange is extradited to the U.S., attention will surely shift to his closest allies, including American Jacob Appelbaum, referred to as "WLA3" (WikiLeaks Associate 3) in indictments against Assange, who himself is currently residing in exile in Germany. A new film by Canadian filmmaker Jamie Kastner, "Nobody Wants To Talk About Jacob Appelbaum", delves into the intriguing yet troubled persona of Appelbaum, whose destiny appears tightly interwoven with Assange's, and the obscure subculture from which they both emerged. Kastner ("The Skyjacker's Tale", "There Are No Fakes," + ) embarks on a quest to unravel the mysteries surrounding Jacob Appelbaum. The film includes interviews reluctantly secured from elusive individuals including Appelbaum himself, woven together with seldom-seen footage and original investigative efforts, forming a cautionary tale relevant to our times.

No word of lie, but this one gets a little out there, we had the pleasure of sitting down with friend of the show, director Jamie Kastner about what drew him to this story, how the film sits just on the wrong side of uncomfortable at times plus a little bonus news about how one of his previous films actually helped to generate some positive results in the world.

Nobody Wants To Talk About Jacob Appelbaum is on CBC Gem this Wednesday June 26th.

The 443 - Security Simplified
Q1 2024 Internet Security Report

Jun 17, 2024 52:12


https://youtu.be/jE2m_BO_yyY This week on the podcast we cover the WatchGuard Threat Lab's Internet Security Report from Q1. In this episode, we discuss the latest trends in malware detections at the network and the endpoint, network attack trends, and malicious domains that targeted WatchGuard customers around the world.

Telemetry Now
Net Neutrality and its Effect on Social Media and TikTok

Jun 6, 2024 65:07


Philip Gervasi welcomes back TJ Sayers, a cybersecurity expert with the Center for Internet Security, to discuss the latest FCC ruling on Net Neutrality and its impact on social media, specifically TikTok. We discuss the complexities of net neutrality, national security concerns, and the implications for American society. Join us as we explore how these regulations affect our access to information and the delicate balance between security and privacy in the digital age.

Puppet Podcast
When Will IT Security Escape the Cat-and-Mouse Game? with Sean Atkinson, CISO of CIS

May 16, 2024 34:01


When Sean Atkinson says that “We're on a trajectory to have the most vulnerabilities ever identified in a single year, starting this year,” take note: As Chief Information Security Officer for the Center for Internet Security, he knows what he's talking about.

He's referring to the ever-increasing tide of weaknesses and flaws that undermine the security of software used every single day by teams around the world. Between a more active threat landscape, demands for development velocity, and the rise of generative AI, the cat in this proverbial game of cat-and-mouse has their work cut out for them.

In this conversation, Robin Tatam, Puppet's Evangelist and Certified Information Security Manager, talks with Sean about the role of a CISO, what's behind the unprecedented rise in vulnerabilities, and how smart integrations turn automation into a first-line defense against threats, misconfiguration, errors, and software vulnerabilities.

Highlights:
  • What a CISO actually does versus a CIO or a CTO
  • The difference between “security” and “compliance”
  • How compliance helps build the backbone of a long-term security posture
  • Who really owns IT security and where IT operations fits into the security conversation
  • What CIS Benchmarks are, what they do, and how CIS “wizards” keep them up-to-date on the latest vulnerabilities
  • How Puppet's partnership with CIS puts the power of automation behind CIS's widely recognized frameworks

Speakers:
  • Robin Tatam, Senior Technical Marketer and Evangelist, Puppet by Perforce
  • Sean Atkinson, Chief Information Security Officer, Center for Internet Security

Links:
  • Learn more about Security Compliance Enforcement, a premium feature for Open Source Puppet and Puppet Enterprise that automates secure configurations hardened against CIS Benchmarks and DISA STIGs
  • Listen to Sean's podcast with CIS, “Cybersecurity Where You Are,” wherever you get podcasts

SBS German - SBS Deutsch
Internet security: Australia tests porn passport

May 13, 2024 6:21


Anyone who wants to watch porn on the internet in Australia in future will need a so-called porn pass. With this idea, Canberra wants to prevent children and young people from coming into contact with photos and videos that are inappropriate for their age. Can it work?

Engines of Our Ingenuity
Engines of Our Ingenuity 1994: Theory and Encryption

May 2, 2024 3:49


Episode: 1994 Encryption: abstraction in the world of practical business.  Today, guest scientist Andrew Boyd sends secret messages.

The Treasury Update Podcast
Coffee Break Session #109: What Is Scoping?

May 2, 2024 6:10


In today's podcast, we'll hear from Christin Cifaldi, Director of Product Development & Analytics, on the concept of scoping in cyber security. What is scoping, and what role does it play in the security landscape? Listen in to learn more.  

The Daily Decrypt - Cyber News and Discussions
AI in Elections: Guarding Against Misinformation, UnitedHealth’s Ransomware Dilemma, and The Peril of Dependency Confusion in Apache Cordova

Apr 24, 2024


Join us for a crucial discussion on AI's impact on U.S. elections and cybersecurity with insights from New York City Mayor Eric Adams and experts from Cloudflare and the Center for Internet Security. Discover how AI both threatens and protects our electoral integrity and what measures are being taken to combat misinformation and enhance security.

In another essential segment, explore the recent ransom payment by UnitedHealth following a cyberattack on Change Healthcare. Learn about the challenges in protecting sensitive patient data and the implications of the breach on healthcare operations and cybersecurity policies.

Finally, delve into the vulnerability of Apache Cordova App Harness in a dependency confusion attack as reported by Orca and Legit Security. Understand the risks of using outdated third-party projects in software development and the steps taken by the Apache security team to address these vulnerabilities.

For more detailed information:
https://www.helpnetsecurity.com/2024/04/23/ai-election-misinformation/
https://www.cybersecuritydive.com/news/unitedhealth-paid-ransom-change-cyberattack/714008/
https://thehackernews.com/2024/04/apache-cordova-app-harness-targeted-in.html

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags for the Episode: AI, U.S. elections, cybersecurity, misinformation, Eric Adams, Cloudflare, Center for Internet Security, ransomware, UnitedHealth, Change Healthcare, data breach, Apache Cordova, dependency confusion attack, software security, open-source vulnerabilities

Search Phrases for the Episode: AI influence on US elections; cybersecurity threats in 2024 elections; Eric Adams on social media as environmental toxin; UnitedHealth ransomware attack details; handling sensitive patient data in healthcare cyberattacks; Change Healthcare cyberattack impact; dependency confusion attacks in software; vulnerabilities in Apache Cordova App Harness; combating misinformation with AI in elections; protecting elections from cyber threats

Transcript: Apr24

It's official. UnitedHealthcare has confirmed that it paid a ransom to the cybercriminals that breached its subsidiary Change Healthcare. What additional measures are UnitedHealth taking to monitor and mitigate the fallout from this breach?

AI is swiftly becoming a double-edged sword in U.S. elections, with over 60,000 daily cyber threats being mitigated against election bodies as we approach the critical 2024 election cycle. How can we balance the advancement of AI technology with the security and fairness of upcoming elections?

And finally, researchers have discovered a vulnerability in the discontinued Apache Cordova App Harness project, allowing attackers to inject malicious code into the software supply chain, impacting unsuspecting users worldwide.

So you may have heard that Change Healthcare was breached. It caused a lot of problems. Well, it just came out that the UnitedHealth Group, who owns Change Healthcare, has admitted to paying a ransom during the cyber attack that occurred in February. Their aim was to prevent further exposure of sensitive patient data.

A spokesperson for UnitedHealth revealed to Healthcare Dive that the breach involved protected health information and personally identifiable information which could potentially impact a vast number of Americans. Further complicating the situation, it was discovered that 22 screenshots of what appear to be stolen files were posted on the dark web. These images, some containing detailed patient health information, were accessible online for approximately one week. And anything that goes online, it's really hard to get it off. But UnitedHealth has confirmed its ongoing efforts to monitor the internet and dark web for any signs of the compromised data.

The ransom payment details remain undisclosed. However, a UnitedHealth spokesperson emphasized that the payment was crucial to the company's strategy to safeguard patient information. Reports have been circulating about the ransom, with Wired Magazine last month suggesting that a known cyber group, ALPHV or BlackCat, received a payment that looked suspiciously like a ransom transaction. Additionally, TechCrunch reported that another cyber group, RansomHub, has threatened further disclosures of sensitive records to extort money from UnitedHealth. So if you're not tracking that situation, there is an episode, I don't know, a month or so ago, that lays it out a little better. But BlackCat is assumed to have performed an exit scam on the dark web, and a new ransomware group called RansomHub acquired the data and is double extorting UnitedHealthcare.

UnitedHealth reports that medical claims, processing, and payment systems are slowly returning to normal, with Change now handling about 86 percent of its pre-incident payment volume. UnitedHealth anticipates that the financial toll from the cyberattack could reach 1.6 billion this year. It is also unlikely that Change will fully recover to its standard service levels before 2025.

So in the wake of the incident, major healthcare associations have reached out to the HHS Office for Civil Rights, seeking clarification on who is responsible for issuing data breach notifications to avoid redundancy and confusion among patients. UnitedHealth is preparing to take on the breach reporting and notification responsibilities for all customers potentially affected by this incident, marking a critical phase in addressing the fallout from this significant data breach.

So it's no secret that the introduction of artificial intelligence, or large language models, or machine learning, or whatever you want to call it, ChatGPT, has really thrown a wrench into the content that's on the internet. From your advertisements, to actual news articles, to podcasts, anything you consume is now probably being touched by large language models in one way or another. And this is going to have a huge effect over the upcoming United States 2024 election cycle. As this election looms, the balance of power hangs between defending our digital frontiers and ensuring fair electoral processes.

Recent reports from Cloudflare highlight the intensity of this battle, revealing over 60,000 daily cyber threats against U.S. election bodies, which is a staggering number that underscores the global stakes, with 70 elections in 40 countries also on the line this year. AI's dual nature presents a formidable challenge. It's a tool that can both safeguard and undermine the electoral process. The ease with which AI can fabricate convincing digital personas and disseminate misinformation across social platforms is alarming. This capability has turned social media into a double-edged sword, prompting New York City Mayor Eric Adams to label it an environmental toxin.

On the defense side, there is a pressing need for stringent AI regulation and robust cybersecurity measures. The Biden administration has responded by establishing a task force aimed at combating AI-generated misinformation and bolstering public awareness about the potential misuses of this technology. The legislative landscape is also evolving, with states like Texas and California pioneering criminal penalties for the misuse of AI in political campaigns. Several proposed bills in Congress seek to regulate AI more broadly. Check out the articles linked in our show notes for more information on that. It's a very interesting topic, tactic, that these states are using against misuse of AI.

To fortify our elections, experts suggest that political parties and candidates should consider appointing dedicated AI and data protection officers. This strategy parallels traditional physical security measures and is complemented by initiatives from organizations like the Center for Internet Security, which continues to refine tools that enhance the cybersecurity of election systems.

Now, this isn't breaking news, but it continues to evolve as we get closer to the election, and we're not there yet. We're not in a place that we can confidently identify artificially created content and label it as such, or as untrue, or misleading, etc., accurately. And the only way we'll ever be able to safeguard against this is with a foolproof method to do this labeling, remove the content from certain platforms, and just have an understanding of what constituents are consuming. We don't even have that. So we have a long way to go in the next coming months, and we'll try to keep you posted here on the Daily Decrypt.

And finally, for our more technical folks, a concerning vulnerability has been uncovered in an archived Apache project known as Cordova App Harness. This vulnerability, called a dependency confusion attack, has researchers sounding the alarm.

So dependency confusion attacks occur when package managers prioritize public repositories over private ones, allowing threat actors to sneak malicious packages into the mix. As a result, unsuspecting users may inadvertently download these fraudulent packages instead of the intended ones. So according to a report by the cloud security company Orca, nearly half of organizations are vulnerable to such attacks. That's a lot.

While fixes have been implemented by NPM and other package managers to address this issue, the Cordova App Harness project was found to have a vulnerability of its own. The project, which was discontinued by the Apache Software Foundation in 2019, lacked proper internal dependency referencing, leaving it wide open to supply chain attacks. The security firm Legit Security, sounds legit, demonstrated how easy it was to upload a malicious version of the dependency, attracting over 100 downloads before being detected.

This incident serves as a stark reminder of the risks associated with using third-party projects and dependencies, especially those that are no longer actively maintained. As security researcher Ofek Haviv points out, neglecting these projects can leave software systems vulnerable to exploitation. The Apache security team has since intervened by taking ownership of the vulnerable package. That's huge. But the episode underscores the importance of vigilance in software development practices. So we're going to continue to rely on open source projects, but it is crucial to prioritize security and regularly update dependencies to mitigate potential risks.

That's all we got for you today. Thanks so much for listening. If you're a fan of the podcast, please turn to Instagram or YouTube or Twitter and give us a follow, a like, and maybe a comment on one of the videos. We'd absolutely love to hear from you if you have any feedback, but until then, we will talk to you some more tomorrow.

Renegade Thinkers Unite: #2 Podcast for CMOs & B2B Marketers
Tuesday Tips: Get Your Team Excited About 2024!

Apr 16, 2024 4:10


This is a Tuesday Tips episode where you will hear host Drew Neisser, CMOs, and other B2B experts share their hard-earned wisdom and fresh marketing insights in a bitesize format.

Featuring: James (JD) Dillon of Tigo Energy, Laura MacGregor of Center for Internet Security, Grant Johnson of Billtrust, Julia Goebel of Komodo Health, Julie Kaplan of CareMetx, LLC, and Eric Quanstrom of CIENCE.

To see the video versions, follow Drew Neisser on LinkedIn or visit our YouTube channel, The Renegade Marketing Hub! And if you're a B2B CMO, check out our thriving community: https://cmohuddles.com/

Burn the Boats
John Cohen: Combating Domestic Terrorism

Apr 2, 2024 52:20


John Cohen is an expert on terrorism, counter-intelligence, law enforcement, and homeland security. He served as the acting chief of intelligence at the Department of Homeland Security, and now heads the Center for Internet Security. In this interview, John talks about the rise of domestic terrorism, and how law-enforcement is attempting to counter it.

To The Point - Cybersecurity
Demystifying Security's Wizards With Tony Sager

Feb 20, 2024 61:50


Joining the podcast this week is Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security, who shares insights from his 45+ years on the security front lines, including 34 years at the NSA. Risk was a big theme of the discussion, particularly looking at risk through a similar lens as we view other risky domains, such as the great work being done with the Cyber Safety Review Board. (And he shares color on the power of being okay with the risk of being wrong sometimes.) He also shares perspective on moving to incentive-based cyber models (such as what's been done in Ohio and Connecticut), and the criticality of translating technology, attacks & attackers into public policy and market incentives. And it can't be a great cyber discussion without addressing the growing sophistication of cyber criminals and their organizations, really becoming the de facto organized crime success path today.

Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security

Sager is a SVP and Chief Evangelist for CIS. He leads the development of the CIS Critical Security Controls™, a worldwide consensus project to find and support technical best practices in cybersecurity. Sager champions the use of CIS Controls and other solutions gleaned from previous cyber-attacks to improve global cyber defense. He also nurtures CIS's independent worldwide community of volunteers, encouraging them to make their enterprise, and the connected world, a safer place. In November 2018, he added strategy development and outreach for CIS to his responsibilities.

In addition to his duties for CIS, he is an active volunteer in numerous community service activities: the Board of Directors for the Cybercrime Support Network; a member of the National Academy of Sciences Cyber Resilience Forum; Advisory Boards for several local schools and colleges; and service on numerous national-level study groups and advisory panels.

Sager retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career there in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Sager led the release of NSA security guidance to the public. He also expanded the NSA's role in the development of open standards for security. Sager's awards and commendations at NSA include the Presidential Rank Award at the Meritorious Level, twice, and the NSA Exceptional Civilian Service Award. The groups he led at NSA were also widely recognized for technical and mission excellence with awards from numerous industry sources, including the SANS Institute, SC Magazine, and Government Executive Magazine.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e273

Local Officials: Stronger, Together Podcast
Episode 9c: You've Been Cyber-Attacked: When Nothing Works at All Five Things Every City Manager Should Know

Feb 9, 2024 25:32


In this eye-opening episode, Scott interviews City of Tomball Assistant City Manager Jessica Rogers. Cyber-criminals hacked Tomball at the end of 2022, and the city is still, one year later, dealing with the aftermath. In this episode, which should be required listening for every city manager in Texas (and beyond), Jessica explains exactly what it's like to have essentially every computer system go down, including 9-1-1 dispatch, utility metering and billing, permitting, and everything in between. She'll also describe the long road to getting everything up-and-running. Don't miss this chill-inducing story.

Further Information:
  • Texas City Management Association's “TCMA Messenger” Newsletter article: “There and Back Again, An ACM's Journey”
  • Center for Internet Security's 2022 Nationwide Cybersecurity Review
  • TML Risk Pool's Cyber Liability Home Page

Cybercrime Magazine Podcast
2023 CyberMaryland Conference. Securing The Future. Tony Sager, Center for Internet Security.

Jan 17, 2024 14:59


The CyberMaryland Conference is an annual event presented by the CyberMaryland Advisory Board in conjunction with academia, government and private industry organizations. In this episode, Tony Sager, Senior VP & Chief Evangelist at the Center for Internet Security, joins host Heather Engel at this year's conference – which took place from December 6th to 7th, 2023, in Hyattsville, Maryland – to discuss his experience, the future of cybersecurity and risk management, and more. Learn more about the CyberMaryland Conference, and our sponsor, the Federal Business Council, at https://cybermarylandconference.com.

All TWiT.tv Shows (MP3)
This Week in Enterprise Tech 572: DNS Deep Dive Part 2: External Authoritative DNS

Dec 9, 2023 73:10


  • Proxy trojan targets macOS users for traffic redirection
  • Indoor navigation has had a slow start
  • Krasue RAT uses cross-kernel Linux rootkit to attack telecoms
  • U.S. approves first gene-editing treatment, Casgevy, for sickle cell disease

The DNS Deep Dive continues with guests Josh Kuo, DNS expert, and Ross Gibson, Principal Solutions Architect of Infoblox, to talk about external authoritative DNS: whether enterprises should fully manage their own external DNS or use managed services, threats like domain hijacking, using load balancers, and more.

Hosts: Curtis Franklin and Brian Chee
Guests: Josh Kuo and Ross Gibson

Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech.

This Week in Enterprise Tech (Video HD)
TWiET 572: DNS Deep Dive Part 2: External Authoritative DNS - Journey into the Heart of the Domain Name System

Dec 9, 2023 73:10

This Week in Enterprise Tech (MP3)
TWiET 572: DNS Deep Dive Part 2: External Authoritative DNS - Journey into the Heart of the Domain Name System

Dec 9, 2023 73:10

TWiT Bits (MP3)
SN Clip: Managing Your Child's Internet Access

Nov 29, 2023 11:50


Steve Gibson speaks with Ant Pruitt on this episode of Security Now as a listener asks about the best practices for managing a child's internet access. For the full episode, go to: https://twit.tv/sn/950

Hosts: Steve Gibson and Ant Pruitt

You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/

Rich Zeoli
Tucker Carlson DONE at Fox News, Michelle Obama Gearing Up for a Presidential Run? & John Kerry Eats Ice Cream on MSNBC

Apr 24, 2023 183:13


3:05pm- On Monday afternoon, Fox News announced that their prime-time host Tucker Carlson will be leaving the network. According to reports, Fox News will rely on a rotation of hosts until ultimately deciding on a successor. Carlson's final broadcast on the network was Friday of last week. According to Bloomberg News, after announcing the departure of Carlson, Fox News lost nearly $700 million in market capitalization.

3:25pm- What's next for Tucker Carlson—another news network? A podcast? Perhaps even a run for political office? Regardless, Fox News better have a back-up plan because he hosted the number-one-rated news program on cable television.

3:40pm- Dan McLaughlin—Senior Writer at National Review and a Fellow at National Review Institute—joins The Rich Zeoli Show to discuss his recent editorial, “The Tiki-Torch Charges Are Prosecutorial Abuse.” McLaughlin writes, “[t]he Charlottesville racists should be denounced, but prosecuting them for peaceful protest is abusive, unfair, and probably unconstitutional.” You can read the full article here: https://www.nationalreview.com/2023/04/the-tiki-torch-charges-are-prosecutorial-abuse/

3:55pm- Speaking with Bill Whitaker of 60 Minutes on CBS, January 6th rioter Ray Epps accused Tucker Carlson of being “obsessed with him” and wrongfully accusing him of being an employee of the federal government. Following his interview, the Federal Bureau of Investigation (FBI) stated: “Ray Epps has never been an FBI source or an FBI employee.”

4:05pm- Will Tucker Carlson's departure result in the downfall of Fox News? Will his loyal audience still tune in without him appearing as a host on the network? According to Bloomberg News, after announcing the departure of Carlson, Fox News lost nearly $700 million in market capitalization.

4:10pm- Appearing on the Make Yourself at Home podcast, Bud Light Marketing Vice President Alissa Heinerscheid mocked her company's customers for being “fratty and out of touch.” Months later, the brand's association with trans-activist Dylan Mulvaney resulted in the company losing an estimated $5 billion in market capitalization. According to reports, Heinerscheid is now taking a leave of absence.

4:30pm- Congressman Guy Reschenthaler—Representative for Pennsylvania's 14th District and serving on the House Appropriations Committee & the House Committee on Rules—joins The Rich Zeoli Show to discuss Speaker of the House Kevin McCarthy's (R-CA) plan to raise the debt ceiling in exchange for cuts to federal government spending. Is there any chance President Joe Biden will agree to the Republican proposal? Rep. Reschenthaler also talks about his recent trip to Taiwan—where Taiwanese government officials expressed concern that a Chinese invasion could be imminent. How can we help guarantee Taiwanese autonomy?

4:50pm- While speaking with Rick Rubin, Phil Jackson—a thirteen-time NBA champion and widely regarded as the greatest coach in basketball history—said he no longer watches NBA games because the league has become too immersed in political activism.

5:05pm- The Drive at 5: Over the weekend, news spread that President Joe Biden is planning to announce his reelection campaign as early as Tuesday. During an MSNBC broadcast, pollster Steve Kornacki noted that only 26% of Americans think Biden should run for reelection, with 70% saying he should not run. On ABC's This Week with Martha Raddatz, journalist Terry Moran said Americans do not want to vote for an 80-year-old president. Are Democrats finally starting to realize President Biden's age is a major problem?

5:20pm- While speaking with Maria Bartiromo on Fox News, Congressman James Comer (R-KY) revealed that he believes as many as twelve Biden family members have been involved in Hunter Biden's foreign business dealings—concluding “there's not going to be anybody left for a Christmas picture!”

5:40pm- Dr. Victoria Coates—former Deputy National Security Advisor & Senior Research Fellow at The Heritage Foundation—joins The Rich Zeoli Show to talk about a recent Washington Post article, “EPA Plan Would Impose Drastic Cuts On Power Plant Emissions by 2040.” What are the consequences of immediately abandoning traditional, reliable forms of energy for less reliable, and less abundant, “green energy”? Dr. Coates also discusses the United States embassy evacuating diplomats and staff from Sudan on Sunday as fighting between the Sudanese army and paramilitary forces continues.

6:05pm- While appearing on Inside with Jen Psaki on MSNBC, Congresswoman Alexandria Ocasio-Cortez accused Tucker Carlson of “inciting violence” and said that Fox News should be regulated.

6:15pm- What is John Kerry's favorite ice cream? Well, thanks to a hard-hitting interview conducted by MSNBC's Jen Psaki we now know that it is a chocolate-covered Dove bar!

6:35pm- In a new editorial, Reason's Robby Soave documents Congresswoman Stacey Plaskett's (D-US Virgin Islands) threat to charge independent journalist Matt Taibbi with perjury for a typo. Soave writes, “Plaskett recently sent a letter to Taibbi accusing him of perjury and suggesting that he could face up to five years in jail…It is true that Taibbi made some errors: In one of his tweets about the web of organizations engaged in identifying so-called misinformation on Twitter, he confused CISA, the Cybersecurity and Infrastructure Security Agency—an organ of the federal government—with CIS, the Center for Internet Security—a nonprofit…Regardless, it is obviously not the case that Taibbi committed perjury. Plaskett's letter describes the CISA/CIS mistake as an ‘intentional' one; this is simply false.” Ironically, over the weekend, Vice President Kamala Harris referenced a non-existent federal agency while discussing the controversial abortion drug mifepristone. Should Vice President Harris be criminally punished too? You can read Soave's full article here: https://reason.com/2023/04/20/matti-taibbi-stacey-plaskett-jail-time-twitter-files-perjury/

6:50pm- CNN unearthed a campaign ad from Joe Biden's 1972 Senate run where he suggested his opponent, Cale Boggs, was too old to serve effectively.

Rich Zeoli
AOC Calls for Government Regulation of Fox News

Apr 24, 2023 42:36


The Rich Zeoli Show, Hour 4:

While appearing on Inside with Jen Psaki on MSNBC, Congresswoman Alexandria Ocasio-Cortez accused Tucker Carlson of “inciting violence” and said that Fox News should be regulated.

What is John Kerry's favorite ice cream? Well, thanks to a hard-hitting interview conducted by MSNBC's Jen Psaki we now know that it is a chocolate-covered Dove bar!

In a new editorial, Reason's Robby Soave documents Congresswoman Stacey Plaskett's (D-US Virgin Islands) threat to charge independent journalist Matt Taibbi with perjury for a typo. Soave writes, “Plaskett recently sent a letter to Taibbi accusing him of perjury and suggesting that he could face up to five years in jail…It is true that Taibbi made some errors: In one of his tweets about the web of organizations engaged in identifying so-called misinformation on Twitter, he confused CISA, the Cybersecurity and Infrastructure Security Agency—an organ of the federal government—with CIS, the Center for Internet Security—a nonprofit…Regardless, it is obviously not the case that Taibbi committed perjury. Plaskett's letter describes the CISA/CIS mistake as an ‘intentional' one; this is simply false.” Ironically, over the weekend, Vice President Kamala Harris referenced a non-existent federal agency while discussing the controversial abortion drug mifepristone. Should Vice President Harris be criminally punished too? You can read Soave's full article here: https://reason.com/2023/04/20/matti-taibbi-stacey-plaskett-jail-time-twitter-files-perjury/

CNN unearthed a campaign ad from Joe Biden's 1972 Senate run where he suggested his opponent, Cale Boggs, was too old to serve effectively.

The James Altucher Show
Inside the Mind of a Cybercriminal: The Original Internet Godfather Shares His Story | Brett Johnson

Jan 31, 2023 98:49


Brett Johnson committed tax fraud and credit card fraud from a desk inside the FBI offices for almost a year before going on a cross-country crime spree, stealing $600,000 in four months, making the US Most Wanted list, going to Disney World, getting sent to prison AND THEN ESCAPING! But let's back up…

In today's episode of The James Altucher Show, we sit down with Brett Johnson, a man who has lived a double life. Once the leader of ShadowCrew & Counterfeit Library, precursors to the modern dark web, he's now a sought-after cybersecurity expert and consultant, using his insider knowledge of the criminal underworld to help organizations defend themselves against cyber threats.

Brett takes us on a wild ride through his upbringing at the hands of manipulative criminal parents, his rise through the burgeoning world of cybercrime and social engineering beginning with mid-'90s eBay fraud, and how his yearning for love and acceptance concluded with his arrest by federal law enforcement.

Instead of continuing down the path of criminal activity, Brett has found a way to use his expertise to make the digital world a safer place for all of us. Redemption is possible. No matter what mistakes you've made in the past, it's never too late to turn your life around and use your skills for good.